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WHAT IS CLAIMED IS: 



1 1. A method comprising: 

2 receiving a resource request from a first requestor^ the 

3 resource request including credentials and identifying an 

4 operation to be performed with respect to a resource; 

5 mapping the resource request to a resource 

6 identifier; 

7 searching a resource data structure for a resource node 

8 based on the resource identifier; and 

9 determining whether the first requestor is authorized to 

10 perform the operation with respect to the resource based on 

11 whether the credentials in the resource request match a 

12 resource authorization parameter associated with the resource 

13 node. 

1 2 , The method of claim 1 wherein searching includes 

2 searching resource nodes each of which represents a resource 

3 and includes a resource identifier. 

1 3. The method of claim 1 wherein searching includes 

2 searching a directed graph structure. 

1 4 . The method of claim 1 wherein receiving a resource 

2 request includes receiving a digital certificate conforming to 

3 a simplified public key infrastructure. 
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1 5. The method of claim 1 wherein mapping includes mapping 

2 the resource request to the resource identifier and a resource 

3 authorization parameter including an owner level authorizing 

4 complete access to the resource. 

1 6. The method of claim 1 wherein mapping includes mapping 

2 the resource request to the resource identifier and a resource 

3 authorization parameter including an editor level authorizing 

4 read/write access to the resource. 

1 7. The method of claim 1 wherein mapping includes mapping 

2 the resource request to the resource identifier and a resource 

3 authorization parameter including a reviewer level authorizing 
. 4 read only access to the resource. 

1 8. The method of claim 1 wherein mapping includes mapping 

2 the resource request to the resource identifier and a resource 

3 authorization parameter including a none level denying all 

4 access to the resource. 

1 9. The method of claim 1 including delegating the 

2 credentials of a child node to a parent node in the resource 

3 data structure. 

1 10. The method of claim 9 in which the resource request is 

2 handled based on the delegated credentials. 
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1 11, The method of claim 1 wherein the resource request 

2 originates from a client computer directed to a server 

3 computer over a network. 

1 12. An apparatus comprising: 

2 a memory for storing a resource data structure having 

3 resource nodes each of which represents a respective resource 

4 and which has a respective resource identifier and a resource 

5 authorization parameter; and 

6 a processor configured to: 

7 receive a resource request from a first requestor, 

8 the resource request including credentials and 

9 identifying an operation to be performed with respect to 

10 a resource; 

11 map the resource request to a resource identifier; 

12 search the resource data structure for a resource 

13 node based on the resource identifier; and 

14 determine whether the first requestor is authorized 

15 to perform the operation with respect to the resource 

16 based on whether the credentials in the resource request 

17 match a resource authorization parameter associated with 

18 the resource node. 

1 13. The apparatus of claim 12 wherein the resource data 

2 structure comprises a directed graph structure. 
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1 14. The apparatus of claim 12 wherein the credentials include 

2 a digital certificate conforming to a simplified public key 

3 infrastructure. 

1 15. The apparatus of claim 12 wherein the resource 

2 authorization level includes an owner level authorizing 

3 complete access to the resource. 

1 16. The apparatus of claim 12 wherein the resource 

2 authorization level includes an editor level authorizing 

3 read/write access to the resource. 

1 17. The apparatus of claim 12 wherein the resource 

2 authorization level includes a reviewer level authorizing read 

3 only access to the resource. 

1 18. The apparatus of claim 12 wherein the resource 

2 authorization level includes a none level denying all access 

3 to the resource. 

1 19. The apparatus of claim 12 wherein resource data structure 

2 includes the delegation of a resource authorization level from 

3 a child node to a parent node. 

1 20. A system comprising: 

2 a first computer associated with a first requestor 

3 configured to generate resource requests with credentials; 
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4 a second computer including memory storing a resource 

5 data structure with resource nodes each of which represents a 

6 respective resource and which has a respective resource 

7 identifier and a resource authorization level, and the second 

8 computer configured to: 

9 receive a resource request from a first requestor, 

10 the resource request including credentials and 

11 identifying an operation to be performed with respect to 

12 a resource; 

13 map the resource request to a resource identifier; 

14 search the resource data structure for a resource 

15 node based on the resource identifier; and 

16 determine whether the first requestor is authorized 

17 to perform the operation with respect to the resource 

18 based on whether the credentials in the resource request 

19 match a resource authorization level associated with the 

20 resource node; and 

21 a network over which the first and second computers 

22 communicate . 

1 21, The system of claim 20 wherein the resource data 

2 structure comprises a directed graph data structure. 
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1 22. The system of claim 20 wherein the credentials include a 

2 digital certificate conforming to a simplified public key 

3 infrastructure. 

1 23. The system of claim 20 wherein the resource authorization 

2 level includes a level from the group consisting of owner 

3 level, editor level, reviewer level, none level. 

1 24. The system of claim 20 including the delegation of the 

2 credentials from a child node to a parent node. 

1 25. The system of claim 20 including the delegation of 

2 credentials associated with the first requestor to a second 

3 requestor wherein the second requestor can request resources 

4 using the credentials from the first requestor as if it were 

5 the first requestor. 

1 26. An article comprising a computer readable medium that 

2 stores computer executable instructions for causing a computer 

3 system to: 

4 map a resource request to a resource identifier, in 

5 response to receiving the resource request from a first 

6 requestor, the resource request including credentials and 

7 identifying an operation to be performed with respect to a 

8 resource; 

9 search a resource data structure for a resource node 
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10 based on the resource identifier; and 

11 determine whether the first requestor is authorized to 

12 perform the operation with respect to the resource based on 

13 whether the credentials in the resource request match a 

14 resource authorization level associated with the resource 

15 node. 

1 27. The article of claim 26 including instructions for 

2 causing the computer system to have a directed graph data 

3 structure with resource nodes representing resources including 

4 a resource identifier and a resource authorization level. 

1 28. The article of claim 26 including instructions for 

2 causing the computer system to have digital certificates 

3 conforming to a simplified public key infrastructure. 

1 29. The article of claim 26 including instructions for 

2 causing the computer system to delegate the credentials of a 

3 child node to a parent node. 

1 30. The article of claim 26 including instructions for 

2 causing the computer system to delegate the credentials 

3 associated with the first requestor to a second requestor to 

4 allow the second requestor to request resources using the 

5 credentials from the first requestor as if it were the first 

6 requestor. 
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